identity metasystem in location based persistent
play

Identity Metasystem in Location Based Persistent Authentication - PowerPoint PPT Presentation

Identity Metasystem in Location Based Persistent Authentication EuroCAT 2009 European Workshop on Combining Context with Trust, Security and Privacy 9 September 2009, Pisa, Italy Hasan Ibne Akram M.Sc. Computer Science Fraunhofer Institute


  1. Identity Metasystem in Location Based Persistent Authentication EuroCAT 2009 European Workshop on Combining Context with Trust, Security and Privacy 9 September 2009, Pisa, Italy Hasan Ibne Akram M.Sc. Computer Science Fraunhofer Institute for Secure Information Technology Munich, Germany Munich University of Technology Munich, Germany

  2. Outline - Motivation - Introduction to PAISE - Privacy Principles for Smart Environments - Identity Metasystem - Identity Metasystem Technologies - OpenID - Windows CardSpace - Higgins - Proposed Architecture - Evaluation - Conclusion & Future Outlook

  3. 3 Motivation - Authentication in smart environment is traditionally device centric - If the device is stolen, there is a good chance of your identity being stolen - User can be impersonated - Traditional Location Tracking System (LTS), e.g., RFID, GPS etc. has been criticized by the privacy proponents - LTS is inherently lacks privacy principles EuroCAT 2009 Identity Metasystem in Location Based Persistent Authentication - Hasan Ibne Akram European Workshop on Combining Context with Trust, Security and Privacy 9 September 2009, Pisa, Italy

  4. 4 Introduction to PAISE - A shift from device tracking paradigm to person tracking paradigm. - Person tracking using "Time-of-Flight" (TOF) cameras EuroCAT 2009 Identity Metasystem in Location Based Persistent Authentication - Hasan Ibne Akram European Workshop on Combining Context with Trust, Security and Privacy 9 September 2009, Pisa, Italy

  5. 5 Privacy Principles for Smart Environments - Notice - Choice and Consent - Anonymity and Pseudonymity - Proximity and Locality EuroCAT 2009 Identity Metasystem in Location Based Persistent Authentication - Hasan Ibne Akram European Workshop on Combining Context with Trust, Security and Privacy 9 September 2009, Pisa, Italy

  6. 6 Federated Identity 3 players of federation • Identity Provider Identity Metasystem • Relying Party • Subject/User EuroCAT 2009 Identity Metasystem in Location Based Persistent Authentication - Hasan Ibne Akram European Workshop on Combining Context with Trust, Security and Privacy 9 September 2009, Pisa, Italy

  7. 7 Identity Metasystem C Com pi l er TCP/ I P I dent i t y M I dent i t y M et asyst em et asyst em Assem Assem bl y bl y Assem Assem bl y bl y Assem Assem bl y bl y Et her net Et her net Tokenr i ng Tokenr i ng 802. 11 802. 11 Ker ber os Ker ber os X. 509 X. 509 SAM SAM L L http://www.identityblog.com/stories/2005/07/05/IdentityMetasystem.htm EuroCAT 2009 Identity Metasystem in Location Based Persistent Authentication - Hasan Ibne Akram European Workshop on Combining Context with Trust, Security and Privacy 9 September 2009, Pisa, Italy

  8. 8 Identity Metasystem Technologies –OpenID • Objective: Reduce username and password • Protocol was developed in 2005 • Main Features of OpenID – Light Weight Identity – Decentralized – Single-Sign-On • “ OpenID is a free and easy way to use a single digital identity across the Internet.” [ http://openid.net/ ] EuroCAT 2009 Identity Metasystem in Location Based Persistent Authentication - Hasan Ibne Akram European Workshop on Combining Context with Trust, Security and Privacy 9 September 2009, Pisa, Italy

  9. 9 Identity Metasystem Technologies – Windows CardSpace • Windows CardSpaceis a client software from Microsoft which is a visual metaphor for identity selector for the end- user. • Windows CardSpace provides controlling power to the end- users on the fact that which information (about the end- users) should reach to the Relying Party and which should not. • It is shipped with Windows Vista (or as an add-on in Windows XP); it is not meant to replace the other standards handling digital identity rather to utilize and extend them. • CardSpace is token agnostic, i.e. it supports any token type i.e. SAML, OpenID, Kerberos or custom token type. EuroCAT 2009 Identity Metasystem in Location Based Persistent Authentication - Hasan Ibne Akram European Workshop on Combining Context with Trust, Security and Privacy 9 September 2009, Pisa, Italy

  10. 10 Identity Metasystem Technologies – Higgins • An open source identity framework being developed at the Eclipse Foundation. • Higgins is a software infrastructure that supports consistence user experience that works with digital identity protocols, e.g. WS-Trust, OpenID, SAML, XDI, LDAP etc. • The main objective of the Higgins project is to manage multiple contexts, interoperability, define common interfaces for an identity system. • Various technologies including LDAP, SAML, WS-*, OpenID etc. can be plugged into the Higgins framework. EuroCAT 2009 Identity Metasystem in Location Based Persistent Authentication - Hasan Ibne Akram European Workshop on Combining Context with Trust, Security and Privacy 9 September 2009, Pisa, Italy

  11. 11 Identity Metasystem Technologies Evaluation w.r.t. the Privacy Principles EuroCAT 2009 Identity Metasystem in Location Based Persistent Authentication - Hasan Ibne Akram European Workshop on Combining Context with Trust, Security and Privacy 9 September 2009, Pisa, Italy

  12. 12 Proposed Architecture EuroCAT 2009 Identity Metasystem in Location Based Persistent Authentication - Hasan Ibne Akram European Workshop on Combining Context with Trust, Security and Privacy 9 September 2009, Pisa, Italy

  13. 13 Evaluation 1. Notice 2. Choice and Consent 3. Anonymity and Pseudonymity 4. Proximity and Locality EuroCAT 2009 Identity Metasystem in Location Based Persistent Authentication - Hasan Ibne Akram European Workshop on Combining Context with Trust, Security and Privacy 9 September 2009, Pisa, Italy

  14. 14 Conclusion &Future Outlook • Implementation of the architecture • Proof of Concept • Combining the Architecture with ProtectServe of Kantara Initiative Work Group - User Managed Access (UMA) – ProtectServe Specification • 4 Legged Scenario – User, IdP (the resource provider), RP (the consumer) and a Authorization Manager (AM) • Identity Dashboard • Web link: http://kantarainitiative.org/confluence/display/uma/Home EuroCAT 2009 Identity Metasystem in Location Based Persistent Authentication - Hasan Ibne Akram European Workshop on Combining Context with Trust, Security and Privacy 9 September 2009, Pisa, Italy

  15. 15 Thank you for paying attention. Questions? Contact: hasan.akram@sit.fraunhofer.de EuroCAT 2009 Identity Metasystem in Location Based Persistent Authentication - Hasan Ibne Akram European Workshop on Combining Context with Trust, Security and Privacy 9 September 2009, Pisa, Italy

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend


More recommend